summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/additional_software_packages/offline_mode.mdwn
blob: 5c1a6dbe73d7d436501898963787b9f1a6de0e47 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
[[!meta title="Offline mode for additional software packages"]]

This is about [[!tails_ticket 14570]] which we plan to implement for Tails 3.5.

[[!toc levels=2]]

# Goal

Have Additional software packages to work offline forever, but to upgrade when connecting to the Internet.

# Current status

According to [[!tails_ticket 6260]] Additional Software Packages works offline for a dew days after being connected, but then fails.

We researched the possible root causes of this class of issues and
identified three:

## APT indices have expired

This was the hypothesis on [[!tails_ticket 6260]].

Release file corresponding to the packages to be installed is expired.
This is controlled by the `Valid-Until` field of the Release file
(<https://wiki.debian.org/DebianRepository/Format#Date.2C_Valid-Until>).

Looking at Valid-Until fields on Tails, it seems to be :

- ~1 week for unstable and stable/update
- ~1 month for torproject.org
- unlimited for stable

Testing and study of the APT source code show that this problem does
not exist anymore on Tails 3.3: APT checks the indices expiration date
only when it downloads them, not when it reads them to
install packages.

### Testing procedure

I tried installing packages offline in Tails 3.3 using the following procedure on 14 Dec 2017:

* start Tails online with persistence of apt packages and apt lists
* install optipng (currently pulled from stretch/updates, which expires on 22 Dec 2017) and wdiff (from stretch, which doesn't expire) and add them to additional software list
* reboot offline
* the install works and optipng version is the one from stretch/updates
* set the date 1 year in the future in the BIOS
* reboot offline
* the install works and optipng version is the one from stretch/updates

I went through the entire procedure 3 times and got the same results.
Basic offline operation is thus already working, and
[[!tails_ticket 6260]] seems to be have been resolved: recent APT
doesn't check Valid-Until on package installation.

## One of the packages was not cached in the first place

When I run Tails 3.3, install a package with `apt` and add it to my
list of Additional Software Packages, then if I am offline when
I start Tails the next time, this package won't be installed.

The root cause of this problem was identified and a fix has been
committed for Tails 3.5 ([[!tails_ticket 10958]]).

## Incomplete online upgrade process

Assume that during an online Tails session, the APT indices are
successfully updated, but then Tails is shut down before the upgraded
Debian packages were downloaded. Then, if Tails is started offline the
next time, the packages that needed to be upgraded cannot
be installed.

This is the only remaining problem we should consider fixing.

### Proposed solution

- in the *upgrade* operation : save the content `/var/lib/apt/lists/` before running the `apt-get update`. It could be stored to a specific location, e.g. `/live/persistence/TailsData_unlocked/tails-additional-software/working_apt_lists/`. After a successful `apt-get upgrade`, remove the *working_apt_lists*.
- in the *install* operation : if there is a backup present, restore it before running `apt-get install`

### Testing procedure

We should find a testing procedure, which doesn't look trivial, as the problem only occurs when there is an upgrade of an additional software package.

- setup **offline** tails with persistence including *APT lists* and *APT cache*
- setup an *Additional Software Package* that has been upgraded in the last point release 
- copy lists before the last Debian point release to `/var/lib/apt/lists`
- copy the old version of the package in `/val/lib/apt/archives`
- reboot online. The installation should work.
- reboot online and cut the network after APT update, but before the upgrade. The lists should be uptodate, but the packages not updated.
- reboot offline. The installation should currently fail.